Using ServiceNow Event Ingestion Integration add-on

  • Release version: Australia
  • Updated: March 12, 2026
  • Time required: 1 minute
  • Map alerts from the Splunk console to create a Security Incident Response (SIR) record on the ServiceNow instance.

    Before you begin

    Role required: sn_sec_splunk_v2.api_account_access

    Procedure

    1. Log in to Splunk Enterprise.
    2. Navigate to Apps > Search & Reporting.
    3. Select Alerts.
      A list of the alerts generated in the Splunk console, based on the previously configured correlation rule, appears.
    4. Select any Configured Alert from the list.
      The trigger history of the configured alert appears.
    5. Select View Results against the alert.
    6. Expand any of the alerts using the (>) icon.
    7. From the drop-down list, select the Workflow action label that was configured while setting up the add-on.
      For more information on the Workflow action label, see Set up ServiceNow Event Ingestion Integration add-on.
      Alerts go into the Splunk Import table, followed by the Splunk Event to Tasks table.

    Result

    A Security Incident Response (SIR) record is created on the ServiceNow instance as per the mapping specified in the Manual event forwarding profile. For instructions on how to set up a Manual event forwarding profile, see Create and name an event profile.